Commit 32d38c75 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

configuration (policy) file handling moved to a dedicated module

parent a650d948
......@@ -6,7 +6,6 @@ Licensed under the terms of GPL2
module(..., package.seeall)
require 'json'
require 'lfs'
require 'stringy'
......@@ -14,6 +13,7 @@ require 'awall.ipset'
require 'awall.iptables'
require 'awall.model'
require 'awall.object'
require 'awall.policy'
require 'awall.util'
......@@ -55,64 +55,9 @@ Config = object.class(object.Object)
function Config:init(confdirs, importdirs)
self.input = {}
self.input = policy.PolicySet.new(confdirs, importdirs):load()
self.iptables = iptables.IPTables.new()
local required = {}
local imported = {}
local function import(name, fname)
local file
if fname then
file = io.open(fname)
else
for i, dir in ipairs(importdirs or {'/usr/share/awall/optional'}) do
file = io.open(dir..'/'..name..'.json')
if file then break end
end
end
if not file then error('Import failed: '..name) end
local data = ''
for line in file:lines() do data = data..line end
file:close()
data = json.decode(data)
table.insert(required, name)
for i, iname in util.listpairs(data.import) do
if not util.contains(imported, iname) then
if util.contains(required, iname) then
error('Circular import: ' + iname)
end
import(iname)
end
end
table.insert(imported, name)
for cls, objs in pairs(data) do
if cls ~= 'import' then
if not self.input[cls] then self.input[cls] = objs
elseif objs[1] then util.extend(self.input[cls], objs)
else
for k, v in pairs(objs) do self.input[cls][k] = v end
end
end
end
end
for i, dir in ipairs(confdirs or
{'/usr/share/awall/mandatory', '/etc/awall'}) do
local names = {}
for fname in lfs.dir(dir) do
local si, ei, name = string.find(fname, '^([%w-]+)%.json$')
if name then table.insert(names, name) end
end
table.sort(names)
for i, name in ipairs(names) do import(name, dir..'/'..name..'.json') end
end
local function expandvars(obj)
for k, v in pairs(obj) do
if type(v) == 'table' then
......
--[[
Policy file handling for Alpine Wall
Copyright (C) 2012 Kaarle Ritvanen
Licensed under the terms of GPL2
]]--
module(..., package.seeall)
require 'json'
require 'lfs'
require 'lpc'
require 'awall.object'
require 'awall.util'
local util = awall.util
local function open(name, dirs)
if not string.match(name, '^[%w-]+$') then
error('Invalid characters in policy name: '..name)
end
for i, dir in ipairs(dirs) do
local path = dir..'/'..name..'.json'
file = io.open(path)
if file then return file, path end
end
end
local function list(dirs)
local allnames = {}
local res = {}
for i, dir in ipairs(dirs) do
local names = {}
local paths = {}
for fname in lfs.dir(dir) do
local si, ei, name = string.find(fname, '^([%w-]+)%.json$')
if name then
if util.contains(allnames, name) then
error('Duplicate policy name: '..name)
end
table.insert(allnames, name)
table.insert(names, name)
paths[name] = dir..'/'..fname
end
end
table.sort(names)
for i, name in ipairs(names) do
table.insert(res, {name, paths[name]})
end
end
return res
end
PolicySet = awall.object.class(awall.object.Object)
function PolicySet:init(confdirs, importdirs)
self.autodirs = confdirs or {'/usr/share/awall/mandatory', '/etc/awall'}
self.confdir = self.autodirs[#self.autodirs]
self.importdirs = importdirs or {'/usr/share/awall/optional'}
end
function PolicySet:load()
local input = {}
local required = {}
local imported = {}
local function import(name, fname)
if util.contains(imported, name) then return end
if util.contains(required, name) then
error('Circular import: '..name)
end
local file = fname and io.open(fname) or open(name, self.importdirs)
if not file then error('Import failed: '..name) end
local data = ''
for line in file:lines() do data = data..line end
file:close()
data = json.decode(data)
table.insert(required, name)
for i, iname in util.listpairs(data.import) do import(iname) end
table.insert(imported, name)
for cls, objs in pairs(data) do
if cls ~= 'import' then
if not input[cls] then input[cls] = objs
elseif objs[1] then util.extend(input[cls], objs)
else
for k, v in pairs(objs) do input[cls][k] = v end
end
end
end
end
for i, pol in ipairs(list(self.autodirs)) do import(unpack(pol)) end
return input, imported
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment